CVE-2023-42843 (GCVE-0-2023-42843)

Vulnerability from cvelistv5 – Published: 2024-02-21 06:41 – Updated: 2025-02-13 17:09
VLAI?
Summary
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE
  • Visiting a malicious website may lead to address bar spoofing
Assigner
References
Impacted products
Vendor Product Version
Apple iOS and iPadOS Affected: unspecified , < 16.7 (custom)
Create a notification for this product.
    Apple Safari Affected: unspecified , < 17.1 (custom)
Create a notification for this product.
    Apple macOS Affected: unspecified , < 14.1 (custom)
Create a notification for this product.
    Apple iOS and iPadOS Affected: unspecified , < 17.1 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ios_and_ipados",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "16.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "safari",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "macos",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "14.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-42843",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-04T16:39:32.031098Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-290",
                "description": "CWE-290 Authentication Bypass by Spoofing",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-04T16:45:42.480Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:30:24.570Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213981"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213986"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213984"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213982"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Visiting a malicious website may lead to address bar spoofing",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-07T06:06:12.839Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT213981"
        },
        {
          "url": "https://support.apple.com/en-us/HT213986"
        },
        {
          "url": "https://support.apple.com/en-us/HT213984"
        },
        {
          "url": "https://support.apple.com/en-us/HT213982"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2023-42843",
    "datePublished": "2024-02-21T06:41:27.506Z",
    "dateReserved": "2023-09-14T19:05:11.449Z",
    "dateUpdated": "2025-02-13T17:09:48.003Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"17.1\", \"matchCriteriaId\": \"84250563-E42D-4F36-ACB0-081804E27FA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"16.7.2\", \"matchCriteriaId\": \"A8F544A7-7CEB-4A84-992F-58710B229579\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.0\", \"versionEndExcluding\": \"17.1\", \"matchCriteriaId\": \"F6AF95A3-F462-498E-848D-C09D0E43ED52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"16.7.2\", \"matchCriteriaId\": \"5EB9EAAE-441A-4844-BCB2-1716FD9ACE85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.0\", \"versionEndExcluding\": \"17.1\", \"matchCriteriaId\": \"F53A32D0-DB67-40D7-B14E-3963E696A77E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FE27DF1-3AF9-4BE4-8541-565FE5BC16A2\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.44.0\", \"matchCriteriaId\": \"EF5BDB2C-7F5F-41B4-87C4-C4B938C7D317\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.44.0\", \"matchCriteriaId\": \"336F9990-F267-4013-8353-5AA10039C515\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.\"}, {\"lang\": \"es\", \"value\": \"Se solucion\\u00f3 un problema de interfaz de usuario inconsistente con una gesti\\u00f3n de estado mejorada. Este problema se solucion\\u00f3 en iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visitar un sitio web malicioso puede provocar una suplantaci\\u00f3n de la barra de direcciones.\"}]",
      "id": "CVE-2023-42843",
      "lastModified": "2024-12-09T17:31:31.750",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}]}",
      "published": "2024-02-21T07:15:48.940",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/26/1\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://support.apple.com/en-us/HT213981\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213982\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213984\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213986\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/26/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://support.apple.com/en-us/HT213981\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213982\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213984\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213986\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-290\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-290\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-42843\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2024-02-21T07:15:48.940\",\"lastModified\":\"2024-12-09T17:31:31.750\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.\"},{\"lang\":\"es\",\"value\":\"Se solucion\u00f3 un problema de interfaz de usuario inconsistente con una gesti\u00f3n de estado mejorada. Este problema se solucion\u00f3 en iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visitar un sitio web malicioso puede provocar una suplantaci\u00f3n de la barra de direcciones.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-290\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-290\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.1\",\"matchCriteriaId\":\"84250563-E42D-4F36-ACB0-081804E27FA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16.7.2\",\"matchCriteriaId\":\"A8F544A7-7CEB-4A84-992F-58710B229579\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndExcluding\":\"17.1\",\"matchCriteriaId\":\"F6AF95A3-F462-498E-848D-C09D0E43ED52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16.7.2\",\"matchCriteriaId\":\"5EB9EAAE-441A-4844-BCB2-1716FD9ACE85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndExcluding\":\"17.1\",\"matchCriteriaId\":\"F53A32D0-DB67-40D7-B14E-3963E696A77E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FE27DF1-3AF9-4BE4-8541-565FE5BC16A2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.44.0\",\"matchCriteriaId\":\"EF5BDB2C-7F5F-41B4-87C4-C4B938C7D317\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.44.0\",\"matchCriteriaId\":\"336F9990-F267-4013-8353-5AA10039C515\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/26/1\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://support.apple.com/en-us/HT213981\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213982\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213984\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213986\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/26/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://support.apple.com/en-us/HT213981\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213982\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213984\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213986\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.apple.com/en-us/HT213981\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213986\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213984\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213982\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/26/1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T19:30:24.570Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-42843\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-04T16:39:32.031098Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:*\"], \"vendor\": \"apple\", \"product\": \"ios_and_ipados\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"16.7\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"17.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\"], \"vendor\": \"apple\", \"product\": \"safari\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"17.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\"], \"vendor\": \"apple\", \"product\": \"macos\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"14.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-290\", \"description\": \"CWE-290 Authentication Bypass by Spoofing\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T19:01:11.947Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"16.7\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"Safari\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"17.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"14.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"17.1\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/HT213981\"}, {\"url\": \"https://support.apple.com/en-us/HT213986\"}, {\"url\": \"https://support.apple.com/en-us/HT213984\"}, {\"url\": \"https://support.apple.com/en-us/HT213982\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/26/1\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Visiting a malicious website may lead to address bar spoofing\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2024-05-07T06:06:12.839Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-42843\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:09:48.003Z\", \"dateReserved\": \"2023-09-14T19:05:11.449Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2024-02-21T06:41:27.506Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.